/*
 * Copyright (c) 2005, 2013, Oracle and/or its affiliates. All rights reserved.
 * ORACLE PROPRIETARY/CONFIDENTIAL. Use is subject to license terms.
 *
 *
 *
 *
 *
 *
 *
 *
 *
 *
 *
 *
 *
 *
 *
 *
 *
 *
 *
 *
 */

package java.net;

import java.util.Map;
import java.util.List;
import java.util.Collections;
import java.util.Comparator;
import java.io.IOException;
import sun.util.logging.PlatformLogger;

/**
 * CookieManager provides a concrete implementation of {@link CookieHandler}, which separates the
 * storage of cookies from the policy surrounding accepting and rejecting cookies. A CookieManager
 * is initialized with a {@link CookieStore} which manages storage, and a {@link CookiePolicy}
 * object, which makes policy decisions on cookie acceptance/rejection.
 *
 * <p> The HTTP cookie management in java.net package looks like: <blockquote>
 * <pre>{@code
 *                  use
 * CookieHandler <------- HttpURLConnection
 *       ^
 *       | impl
 *       |         use
 * CookieManager -------> CookiePolicy
 *             |   use
 *             |--------> HttpCookie
 *             |              ^
 *             |              | use
 *             |   use        |
 *             |--------> CookieStore
 *                            ^
 *                            | impl
 *                            |
 *                  Internal in-memory implementation
 * }</pre>
 * <ul> <li> CookieHandler is at the core of cookie management. User can call
 * CookieHandler.setDefault to set a concrete CookieHanlder implementation to be used. </li> <li>
 * CookiePolicy.shouldAccept will be called by CookieManager.put to see whether or not one cookie
 * should be accepted and put into cookie store. User can use any of three pre-defined CookiePolicy,
 * namely ACCEPT_ALL, ACCEPT_NONE and ACCEPT_ORIGINAL_SERVER, or user can define his own
 * CookiePolicy implementation and tell CookieManager to use it. </li> <li> CookieStore is the place
 * where any accepted HTTP cookie is stored in. If not specified when created, a CookieManager
 * instance will use an internal in-memory implementation. Or user can implements one and tell
 * CookieManager to use it. </li> <li> Currently, only CookieStore.add(URI, HttpCookie) and
 * CookieStore.get(URI) are used by CookieManager. Others are for completeness and might be needed
 * by a more sophisticated CookieStore implementation, e.g. a NetscapeCookieSotre. </li> </ul>
 * </blockquote>
 *
 * <p>There're various ways user can hook up his own HTTP cookie management behavior, e.g.
 * <blockquote> <ul> <li>Use CookieHandler.setDefault to set a brand new {@link CookieHandler}
 * implementation <li>Let CookieManager be the default {@link CookieHandler} implementation, but
 * implement user's own {@link CookieStore} and {@link CookiePolicy} and tell default CookieManager
 * to use them:
 * <blockquote><pre>
 *       // this should be done at the beginning of an HTTP session
 *       CookieHandler.setDefault(new CookieManager(new MyCookieStore(), new MyCookiePolicy()));
 *     </pre></blockquote>
 * <li>Let CookieManager be the default {@link CookieHandler} implementation, but use customized
 * {@link CookiePolicy}:
 * <blockquote><pre>
 *       // this should be done at the beginning of an HTTP session
 *       CookieHandler.setDefault(new CookieManager());
 *       // this can be done at any point of an HTTP session
 *       ((CookieManager)CookieHandler.getDefault()).setCookiePolicy(new MyCookiePolicy());
 *     </pre></blockquote>
 * </ul> </blockquote>
 *
 * <p>The implementation conforms to <a href="http://www.ietf.org/rfc/rfc2965.txt">RFC 2965</a>,
 * section 3.3.
 *
 * @author Edward Wang
 * @see CookiePolicy
 * @since 1.6
 */
public class CookieManager extends CookieHandler {
    /* ---------------- Fields -------------- */

  private CookiePolicy policyCallback;


  private CookieStore cookieJar = null;


    /* ---------------- Ctors -------------- */

  /**
   * Create a new cookie manager.
   *
   * <p>This constructor will create new cookie manager with default
   * cookie store and accept policy. The effect is same as
   * {@code CookieManager(null, null)}.
   */
  public CookieManager() {
    this(null, null);
  }


  /**
   * Create a new cookie manager with specified cookie store and cookie policy.
   *
   * @param store a {@code CookieStore} to be used by cookie manager. if {@code null}, cookie
   * manager will use a default one, which is an in-memory CookieStore implementation.
   * @param cookiePolicy a {@code CookiePolicy} instance to be used by cookie manager as policy
   * callback. if {@code null}, ACCEPT_ORIGINAL_SERVER will be used.
   */
  public CookieManager(CookieStore store,
      CookiePolicy cookiePolicy) {
    // use default cookie policy if not specify one
    policyCallback = (cookiePolicy == null) ? CookiePolicy.ACCEPT_ORIGINAL_SERVER
        : cookiePolicy;

    // if not specify CookieStore to use, use default one
    if (store == null) {
      cookieJar = new InMemoryCookieStore();
    } else {
      cookieJar = store;
    }
  }


    /* ---------------- Public operations -------------- */

  /**
   * To set the cookie policy of this cookie manager.
   *
   * <p> A instance of {@code CookieManager} will have
   * cookie policy ACCEPT_ORIGINAL_SERVER by default. Users always
   * can call this method to set another cookie policy.
   *
   * @param cookiePolicy the cookie policy. Can be {@code null}, which has no effects on current
   * cookie policy.
   */
  public void setCookiePolicy(CookiePolicy cookiePolicy) {
    if (cookiePolicy != null) {
      policyCallback = cookiePolicy;
    }
  }


  /**
   * To retrieve current cookie store.
   *
   * @return the cookie store currently used by cookie manager.
   */
  public CookieStore getCookieStore() {
    return cookieJar;
  }


  public Map<String, List<String>>
  get(URI uri, Map<String, List<String>> requestHeaders)
      throws IOException {
    // pre-condition check
    if (uri == null || requestHeaders == null) {
      throw new IllegalArgumentException("Argument is null");
    }

    Map<String, List<String>> cookieMap =
        new java.util.HashMap<String, List<String>>();
    // if there's no default CookieStore, no way for us to get any cookie
    if (cookieJar == null) {
      return Collections.unmodifiableMap(cookieMap);
    }

    boolean secureLink = "https".equalsIgnoreCase(uri.getScheme());
    List<HttpCookie> cookies = new java.util.ArrayList<HttpCookie>();
    String path = uri.getPath();
    if (path == null || path.isEmpty()) {
      path = "/";
    }
    for (HttpCookie cookie : cookieJar.get(uri)) {
      // apply path-matches rule (RFC 2965 sec. 3.3.4)
      // and check for the possible "secure" tag (i.e. don't send
      // 'secure' cookies over unsecure links)
      if (pathMatches(path, cookie.getPath()) &&
          (secureLink || !cookie.getSecure())) {
        // Enforce httponly attribute
        if (cookie.isHttpOnly()) {
          String s = uri.getScheme();
          if (!"http".equalsIgnoreCase(s) && !"https".equalsIgnoreCase(s)) {
            continue;
          }
        }
        // Let's check the authorize port list if it exists
        String ports = cookie.getPortlist();
        if (ports != null && !ports.isEmpty()) {
          int port = uri.getPort();
          if (port == -1) {
            port = "https".equals(uri.getScheme()) ? 443 : 80;
          }
          if (isInPortList(ports, port)) {
            cookies.add(cookie);
          }
        } else {
          cookies.add(cookie);
        }
      }
    }

    // apply sort rule (RFC 2965 sec. 3.3.4)
    List<String> cookieHeader = sortByPath(cookies);

    cookieMap.put("Cookie", cookieHeader);
    return Collections.unmodifiableMap(cookieMap);
  }

  public void
  put(URI uri, Map<String, List<String>> responseHeaders)
      throws IOException {
    // pre-condition check
    if (uri == null || responseHeaders == null) {
      throw new IllegalArgumentException("Argument is null");
    }

    // if there's no default CookieStore, no need to remember any cookie
    if (cookieJar == null) {
      return;
    }

    PlatformLogger logger = PlatformLogger.getLogger("java.net.CookieManager");
    for (String headerKey : responseHeaders.keySet()) {
      // RFC 2965 3.2.2, key must be 'Set-Cookie2'
      // we also accept 'Set-Cookie' here for backward compatibility
      if (headerKey == null
          || !(headerKey.equalsIgnoreCase("Set-Cookie2")
          || headerKey.equalsIgnoreCase("Set-Cookie")
      )
          ) {
        continue;
      }

      for (String headerValue : responseHeaders.get(headerKey)) {
        try {
          List<HttpCookie> cookies;
          try {
            cookies = HttpCookie.parse(headerValue);
          } catch (IllegalArgumentException e) {
            // Bogus header, make an empty list and log the error
            cookies = java.util.Collections.emptyList();
            if (logger.isLoggable(PlatformLogger.Level.SEVERE)) {
              logger.severe("Invalid cookie for " + uri + ": " + headerValue);
            }
          }
          for (HttpCookie cookie : cookies) {
            if (cookie.getPath() == null) {
              // If no path is specified, then by default
              // the path is the directory of the page/doc
              String path = uri.getPath();
              if (!path.endsWith("/")) {
                int i = path.lastIndexOf("/");
                if (i > 0) {
                  path = path.substring(0, i + 1);
                } else {
                  path = "/";
                }
              }
              cookie.setPath(path);
            }

            // As per RFC 2965, section 3.3.1:
            // Domain  Defaults to the effective request-host.  (Note that because
            // there is no dot at the beginning of effective request-host,
            // the default Domain can only domain-match itself.)
            if (cookie.getDomain() == null) {
              String host = uri.getHost();
              if (host != null && !host.contains(".")) {
                host += ".local";
              }
              cookie.setDomain(host);
            }
            String ports = cookie.getPortlist();
            if (ports != null) {
              int port = uri.getPort();
              if (port == -1) {
                port = "https".equals(uri.getScheme()) ? 443 : 80;
              }
              if (ports.isEmpty()) {
                // Empty port list means this should be restricted
                // to the incoming URI port
                cookie.setPortlist("" + port);
                if (shouldAcceptInternal(uri, cookie)) {
                  cookieJar.add(uri, cookie);
                }
              } else {
                // Only store cookies with a port list
                // IF the URI port is in that list, as per
                // RFC 2965 section 3.3.2
                if (isInPortList(ports, port) &&
                    shouldAcceptInternal(uri, cookie)) {
                  cookieJar.add(uri, cookie);
                }
              }
            } else {
              if (shouldAcceptInternal(uri, cookie)) {
                cookieJar.add(uri, cookie);
              }
            }
          }
        } catch (IllegalArgumentException e) {
          // invalid set-cookie header string
          // no-op
        }
      }
    }
  }


    /* ---------------- Private operations -------------- */

  // to determine whether or not accept this cookie
  private boolean shouldAcceptInternal(URI uri, HttpCookie cookie) {
    try {
      return policyCallback.shouldAccept(uri, cookie);
    } catch (Exception ignored) { // pretect against malicious callback
      return false;
    }
  }


  static private boolean isInPortList(String lst, int port) {
    int i = lst.indexOf(",");
    int val = -1;
    while (i > 0) {
      try {
        val = Integer.parseInt(lst.substring(0, i));
        if (val == port) {
          return true;
        }
      } catch (NumberFormatException numberFormatException) {
      }
      lst = lst.substring(i + 1);
      i = lst.indexOf(",");
    }
    if (!lst.isEmpty()) {
      try {
        val = Integer.parseInt(lst);
        if (val == port) {
          return true;
        }
      } catch (NumberFormatException numberFormatException) {
      }
    }
    return false;
  }

  /*
   * path-matches algorithm, as defined by RFC 2965
   */
  private boolean pathMatches(String path, String pathToMatchWith) {
    if (path == pathToMatchWith) {
      return true;
    }
    if (path == null || pathToMatchWith == null) {
      return false;
    }
    if (path.startsWith(pathToMatchWith)) {
      return true;
    }

    return false;
  }


  /*
   * sort cookies with respect to their path: those with more specific Path attributes
   * precede those with less specific, as defined in RFC 2965 sec. 3.3.4
   */
  private List<String> sortByPath(List<HttpCookie> cookies) {
    Collections.sort(cookies, new CookiePathComparator());

    List<String> cookieHeader = new java.util.ArrayList<String>();
    for (HttpCookie cookie : cookies) {
      // Netscape cookie spec and RFC 2965 have different format of Cookie
      // header; RFC 2965 requires a leading $Version="1" string while Netscape
      // does not.
      // The workaround here is to add a $Version="1" string in advance
      if (cookies.indexOf(cookie) == 0 && cookie.getVersion() > 0) {
        cookieHeader.add("$Version=\"1\"");
      }

      cookieHeader.add(cookie.toString());
    }
    return cookieHeader;
  }


  static class CookiePathComparator implements Comparator<HttpCookie> {

    public int compare(HttpCookie c1, HttpCookie c2) {
      if (c1 == c2) {
        return 0;
      }
      if (c1 == null) {
        return -1;
      }
      if (c2 == null) {
        return 1;
      }

      // path rule only applies to the cookies with same name
      if (!c1.getName().equals(c2.getName())) {
        return 0;
      }

      // those with more specific Path attributes precede those with less specific
      if (c1.getPath().startsWith(c2.getPath())) {
        return -1;
      } else if (c2.getPath().startsWith(c1.getPath())) {
        return 1;
      } else {
        return 0;
      }
    }
  }
}
